Stellungnahme zur EU FinTech consultation | Bitkom e.V.

(1)

Contribution ID: 18532841-7705-44c2-8c49-1e501d595f65 Date: 15/06/2017 08:46:49

Public consultation on FinTech: a more competitive and innovative European financial sector

Fields marked with * are mandatory.

Introduction

Thank you for taking the time to respond to this consultation on technology-enabled innovation in financial services (FinTech). Our goal is to create an enabling environment where innovative financial service solutions take off at a brisk pace all over the EU, while ensuring financial stability, financial integrity and safety for consumers, firms and investors alike.

Please note: In order to ensure a fair and transparent consultation process only responses and included in the report received through our online questionnaire will be taken into account

summarising the responses. Should you have a problem completing this questionnaire or if you require particular assistance, please contact fisma-fintech@ec.europa.eu.

More information:

on this consultation

on the protection of personal data regime for this consultation

1. Information about you

(2)

*

Are you replying as:

a private individual

an organisation or a company

a public authority or an international organisation

*

Name of your organisation:

Bundesverband Informationswirtschaft, Telekommunikation und neue Medien e. V.

Contact email address:

The information you provide here is for administrative purposes only and will not be published j.lynker@bitkom.org

*

Is your organisation included in the Transparency Register?

(If your organisation is not registered, we invite you to register here, although it is not compulsory to be registered to reply to this consultation. Why a transparency register?)

Yes No

*

If so, please indicate your Register ID number:

5351830264-31

*

Type of organisation:

Academic institution Company, SME, micro-enterprise, sole trader Consultancy, law firm Consumer organisation

Industry association Media

Non-governmental organisation Think tank

Trade union Other

*

Please indicate the size of your organisation:

less than 10 employees

*

(3)

*

Field of activity or sector (if applicable):

at least 1 choice(s) Accounting

Asset management Auditing

Banking Brokerage

Credit rating agency Crowdfunding

Financial market infrastructure (e.g. CCP, CSD, stock exchange) Insurance

Investment advice Payment service Pension provision Regulator

Social entrepreneurship Social media

Supervisor

Technology provider Trading platform Other

Not applicable

Important notice on the publication of responses

*

Contributions received are intended for publication on the Commission’s website. Do you agree to your contribution being published?

(see specific privacy statement )

Yes, I agree to my response being published under the name I indicate (name of your organisation )

/company/public authority or your name if your reply as an individual No, I do not want my response to be published

2. Your opinion

1. Fostering access to financial services for consumers and businesses

*

(4)

FinTech can be an important driver to expand access to financial services for consumers, investors and companies, bringing greater choice and more user-friendly services, often at lower prices. Current limitations in traditional financial service markets (e.g. opacity, lack of use of big data, insufficient competition), such as financial advice, consumer credit or insurance, may foreclose access to some categories of individuals and firms. New financial technologies can thus help individuals as well as small and medium-sized enterprises (SMEs), including start-up and scale-up companies, to access alternative funding sources for supporting their cash flow and risk capital needs.

At the same time, potential redundancy of specific back-office functions or even of entire market players due to automation via FinTech solutions might have adverse implications in terms of employment in the financial industry, even though new jobs would also be created as part of the FinTech solutions. The latter, however, might require a different skill mix.

Question 1.1: What type of FinTech applications do you use, how often and why? In which area of financial services would you like to see more FinTech solutions and why?

Bitkom represents more than 2,400 companies in the digital sector, including 1,600 direct members. With more than 700,000 employees, our members generate a domestic turnover of 140 billion Euros a year, exporting high-tech goods and services worth another 50 billion Euros. They produce hardware and consumer electronics or operate in the sectors of digital media and the network industry. 78 percent of the companies’ headquarters are located in Germany with an additional amount of 9 percent in other countries of the EU and 9 percent in the USA as well as 4 percent in other regions. Bitkom supports an innovative economic policy by focusing the modernization of the education sector and a future-oriented network policy

Our members include various FinTechs, Banks and Service Providers using innovative Software driven solutions as core products or as part of a broad product portfolio. Solutions our member offer range from payment services, mobile wallets, account information services to robo advice, digital

portfolio management, deposit aggregation, crowd financing to lending

solutions. Due to the broad range of companies being represented in Bitkom, all areas of FinTech solutions are covered. This includes fully regulated licensed banks, asset managers & insurance companies as well as non regulated companies.

Artificial intelligence and big data analytics for automated financial advice and

(5)

Question 1.2: Is there evidence that automated financial advice reaches more consumers, firms, investors in the different areas of financial services (investment services, insurance, etc.)?

Yes No

Don’t know / no opinion / not relevant

If there is evidence that automated financial advice reaches more consumers, firms, investors in the different areas of financial services, at what pace does this happen? And are these services better adapted to user needs? Please explain.

Automated financial advice helps to reduce the time to serve while allowing 24 / 7 availability of basic first level support which would otherwise not be affordable. This fact helps companies to extend their existing service

portfolio in order to provide a better first level support for a broader audience.

Question 1.3: Is enhanced oversight of the use of artificial intelligence (and its underpinning algorithmic infrastructure) required? For instance, should a system of initial and ongoing review of the technological architecture, including transparency and reliability of the algorithms, be put in place?

Yes No

Please elaborate on your answer to whether enhanced oversight of the use of artificial

intelligence is required, and explain what could more effective alternatives to such a system be.

Since the development of AI solutions is still in a very early stage, Bitkom is convinced that the regulatory focus should lay on providing an environment that supports the development of innovative companies and ideas within the area of the EU. We see technological neutral standards via formalized ethics requirements (code of conduct) as a way to steer the development of AI

applications without compromising competitiveness within the single market area. A second corner stone is to increase the technology and media

competence of users when dealing with AI applications and services. In this regard we advocate a general implementation of IT education as part of the general school’s curriculum on member state levels.

(6)

Question 1.4: What minimum characteristics and amount of information about the service user and the product portfolio (if any) should be included in algorithms used by the service

providers (e.g. as regards risk profile)?

The individualization of services requires high quality data. In an environment of platform markets data quality and accuracy become a competitive advantage that might make the difference between success or

failure for businesses. Supporting the competitiveness of the EU in the field of platform economies requires therefore reevaluating the principle of

general data protection towards a system of data sovereignty. User should be empowered to make conscious decisions whether particular data can be used or not. In order to provide value added services, the shared usage of data between companies should be allowed in order to consolidate data sets providing more information points around individual users.

Question 1.5: What consumer protection challenges/risks have you identified with regard to artificial intelligence and big data analytics (e.g. robo-advice)? What measures, do you think, should be taken to address these risks/challenges?

Bitkom identified the risk of false or incomplete information when providing individualized services as a potential risk that might lead to false outputs.

Since AI and big data analytics systems are using the information provided, Bitkom advocates for the establishment of a data friendly environment that allows the collection and provision of a broad plurality of data inputs. Not every type of personalized data is worth protecting, we are convinced that a gradual system should be put in place making a clear distinction between personal data worth protecting and personal data worth sharing. Providing customer centric information allows the provision of individualized services instead of leaving the customer with one size fits all solutions that might not satisfy the customer needs to the fullest extent.

Social media and automated matching platforms: funding from the crowd

Please refer to the corresponding section of the consultation document to read some contextual information before answering the questions.

Question 1.6: Are national regulatory regimes for crowdfunding in Europe impacting on the

(7)

Please elaborate on your reply to whether there are national regulatory regimes for

crowdfunding in Europe impacting on the development of crowdfunding. Explain in what way, and what are the critical components of those regimes.

In Germany respective regimes are used in order to protect customers for making uninformed decisions. While protecting the customer, these regimes might prevent a seamless experience interaction with crowdfunding solutions.

In general it is important to ensure that global crowdfunding platforms keep their right to operate within the European Union. Standardized European regulation could guarantee a leveled playing field in this regard balancing customer protection without compromising innovation potential.

Question 1.7: How can the Commission support further development of FinTech solutions in the field of non-bank financing, i.e. peer-to-peer/marketplace lending, crowdfunding, invoice and supply chain finance?

Bitkom is convinced that the key for successful regulation lays in regulating the ecosystems as a congruent body without distinguishing between banks and non-banks. Good regulations is nondiscriminatory when it comes to rights and obligations while at the same time providing useful thresholds allowing the grass roots development of new businesses in an innovation friendly

environment. We see thresholds for regulations based on the principle of proportionality as the best way to take into account the specific nature of business of specific companies, allowing extended R&D for new use cases within the EU without compromising on competitiveness in a globalized environment.

Question 1.8: What minimum level of transparency should be imposed on fund-raisers and platforms? Are self-regulatory initiatives (as promoted by some industry associations and individual platforms) sufficient?

Bitkom advocates for self-regulatory initiatives in the field of fund-raisers and platforms. It becomes severely evident, that platform markets unlike other markets support a winner-takes-it-all output. In such environments we see high regulation setting an increased administrative burden for European businesses compared to US or Asian players. Focus of EU regulation in this regard should be to create a level playing field among the member states along the lines of the Digital Single Market strategy allowing the creation of a unified business space following similar rules and procedures.

Sensor data analytics and its impact on the insurance sector

(8)

Question 1.9: Can you give examples of how sensor data analytics and other technologies are changing the provision of insurance and other financial services? What are the challenges to the widespread use of new technologies in insurance services?

The usage of sensor data analytics allows the provision of individualized services and customized premiums within the insurance sector. In January 2017, eleven of the biggest insurance companies in Germany offered GPS fueled car insurances as alternative to the classic premium models built on

historical averages. Challenges for using these services come up in the process of storing, saving and handling personalized data. The requirements set via German data protection regulations (to be repealed via the GDPR) make the individualized pooling of data, which would allow the provision of

specific value added services, extremely difficult.

Question 1.10: Are there already examples of price discrimination of users through the use of big data?

Yes No

Please provide examples of what are the criteria used to discriminate on price (e.g. sensor analytics, requests for information, etc.)?

Bitkom has not observed any price discrimination through the use of big data yet. Indeed the current system of non-individualized data can be seen as discriminatory, forcing the majority of users to accept higher premiums due to the fraudulent and toxic behavior of individual actors. Any collection of information that can lead to a more congruent and complete picture around a customer and user can be used to provide a service based on objective

criteria instead of assumptions and uncertainties.

Other technologies that may improve access to financial services

(9)

Question 1.11: Can you please provide further examples of other technological applications that improve access to existing specific financial services or offer new services and of the related challenges? Are there combinations of existing and new technologies that you consider particularly innovative?

The creation of mobile only banking solutions allow to scale banking services at minimal costs for a broad and wide audience. In this regard FinTech

solutions allow the inclusion of million users into the finance market that had otherwise been declined as being unattractive customers. Similar

observations can be made in the field of crowd financing, where loans to individuals could be provided which would have otherwise been rejected

through traditional channels. Technological innovations can therefore be seen also as enabler for new types of businesses extending the existing scope beyond what has been possible or profitable in the past.

2. Bringing down operational costs and increasing efficiency for the industry

FinTech has the potential of bringing benefits, including cost reductions and faster provision of financial services, e.g., where it supports the streamlining of business processes. Nonetheless, FinTech applied to operations of financial service providers raises a number of operational challenges, such as cyber security and ability to overcome fragmentation of standards and processes across the industry.

Moreover, potential redundancy of specific front, middle and back-office functions or even of entire market players due to automation via FinTech solutions might have adverse implications in terms of employment in the financial industry, even though new jobs would also be created as part of the FinTech solutions. The latter, however, might require a different skill mix, calling for flanking policy measures to cushion their impact, in particular by investing in technology skills and exact science education (e.g. mathematics).

Question 2.1: What are the most promising use cases of FinTech to reduce costs and improve processes at your company? Does this involve collaboration with other market players?

Representing a broad majority of FinTechs and banks, no specific use case can be highlighted over another. A generalizing principle derives from the

application of innovative technology as part of products and services. The rise of mobile applications, Big-Data Analytics and AI as well as Cloud-

Computing allowed the creation of new products leading to a shift in customer demand. Individual users as well as business customers demand new types of interfaces and services from financial institutions in order to fit them in their changed landscapes of processes and preferences. It is therefore essential to support the development of innovative technology within Europe to stay ahead in a globalized economy.

(10)

Question 2.2: What measures (if any) should be taken at EU level to facilitate the development and implementation of the most promising use cases? How can the EU play its role in

developing the infrastructure underpinning FinTech innovation for the public good in Europe, be it through cloud computing infrastructure, distributed ledger technology, social media, mobile or security technology?

The EU should ensure that a level playing field is in place, allowing the deployment of solutions without having to face different requirements in every member state. Bitkom supports the Commission's stance on FinTech and its three core principles 1. Technological neutrality 2. Proportionality 3.

Market integrity.

We see an increased regulatory demand in the fields of unified requirements for credits as well as for the standardization of customer data across multiple platforms and business providers.

Many of existing FinTech business models require a dedicated license under the Banking and/or Financial Instruments Directive, which in Germany is

granted by the Federal Financial Supervisory Authority (BaFin). Since getting licensed is extremely costly and resource intensive, a broad majority of German FinTechs businesses are built on existing banking backbones using their infrastructure as white label solutions. European efforts to

standardize the interfaces for collaboration (Open Banking APIs) are very useful in order to support the FinTech ecosystem within the single market.

For other FinTechs – particularly in case of real innovations to the market – no possibility exists to obtain a Europe-wide license. This may lead to

disadvantages on the market as particularly national licenses cannot be passported. The EU should ensure that FinTechs have access to passportable licenses.

In order to take into account the principle of proportionality, Bitkom advocates for introducing a more granular system of licenses taking into account the specific requirements and diversities of financial services being provided. The existing system of having only three core licenses (banking, asset management, insurance) being passportable with high requirements is insufficient for promoting an agile innovative and diverse finance ecosystem.

A consolidation and unification of licenses similar to the effort made for the EU driving licence, introducing a modular system of certification, should be considered.

(11)

Question 2.3: What kind of impact on employment do you expect as a result of implementing FinTech solutions? What skills are required to accompany such change?

FinTech solutions are the result of a general digitalization in all areas of social and professional lives due to increased technological capabilities in the field of smarter and faster computing devices and an increased coverage of mobile broadband infrastructure. It becomes evident that an increased digitalization of processes and products creates a demand for a technology skills workforce. The digitalization of banking and financial services will with no doubt significantly impact the current employment schemes, as simple and repeating tasks will be subject to automation. While on the one hand, jobs will be replaced through technology, new jobs will be created in the process as technological work requires significant efforts in the field of programming and maintenance. The general trend will be the increasing demand for a highly skilled workforce, being able to solve all tasks that cannot be covered via automation.

RegTech: bringing down compliance costs

Question 2.4: What are the most promising use cases of technologies for compliance

purposes (RegTech)? What are the challenges and what (if any) are the measures that could be taken at EU level to facilitate their development and implementation?

RegTech has the potential to support big companies in the processes of

dealing with legal requirements in a highly regulated environment. Being able to digitalize processes and workflows within organizations allows the

modeling of regulatory touch points throughout the process. Bitkom supports a research project for finding common patterns among financial institutions in Germany towards their handling of regulation from money laundering, customer identification, sanctions up to tax compliance and competition compliance.

For Bitkom it would be highly useful to get a regulatory standard that would allow the certification of existing compliance infrastructures within banks and financial institutions towards a legally approved reference design.

Aiming for an European level playing field, Bitkom advocates implementing such a compliance reference design for financial institutions on EU level having the EBA as central standardizing authority.

Recording, storing and securing data: is cloud computing a cost effective and secure solution?

(12)

Question 2.5.1: What are the regulatory or supervisory obstacles preventing financial services firms from using cloud computing services?

Having the full control over customer data is a key obstacle for financial service data being stored in cloud applications. In Germany, data protection is perceived as key dogma among regulators. Bitkom therefore advocates to break this dogma by establishing unified European regulations, enabling the non-discriminatory usage of cloud services across all member states. We therefore support the establishment of a General Data Protection Regulation setting unified European standards for data handling and prosecution.

Another key component is the protection of cloud data against foreign intelligence services when data is stored within their vicinities. As the failing of the safe-harbor agreement has shown, it is crucial that

international agreements are enforced in order to exploit the full potential of cloud services as the danger of industrial espionage and data breaches can be mitigated.

Question 2.5.2: Does this warrant measures at EU level?

Yes No

Please elaborate on your reply to whether the regulatory or supervisory obstacles preventing financial services firms from using cloud computing services warrant measures at EU level.

The missing protection from foreign intelligence services is due to missing international sanctions in case of compromised data. Being solely responsible for the negotiation of international trade deals, the Commission would have various leverages to ensure that agreements on data protection can be

enforced.

Question 2.6.1: Do commercially available cloud solutions meet the minimum requirements

that financial service providers need to comply with?

(13)

Please elaborate on your reply to whether commercially available cloud solutions do meet the minimum requirements that financial service providers need to comply with.

Commercially available cloud solutions cover a broad range of services, host locations and service level agreements. For the success of cloud applications it is crucial to have high standards of data protection, infrastructure

security as well as for access and availability

Question 2.6.2: Should commercially available cloud solutions include any specific contractual obligations to this end?

Yes No

Please elaborate on your reply to whether commercially available cloud solutions should include any specific contractual obligations to this end.

In order make the usage of cloud applications attractive for financial institutions, it is crucial to find smart ways for risk sharing towards security incidents and data breaches. A specific certification of cloud solutions through regulatory agencies would help overcoming the stigma of cloud services as being the riskier alternative to classical cost intensive in-house solutions.

Disintermediating financial services: is Distributed Ledger Technology (DLT) the way forward?

(14)

Question 2.7: Which DLT applications are likely to offer practical and readily applicable opportunities to enhance access to finance for enterprises, notably SMEs?

A clustering of the opportunities to enhance access to finance for enterprises, notably SMEs, has two general groups.

The first group comprises DLT applications, making use of the innovation potential of smart contracts to improve current business practices in finance and thereby removing friction in the finance process which is especially beneficial for SMEs. The use of DLT applications based on the features of smart contracts allow for the pursuit of larger and more complex business agreements in cross SME collaborations. As a result there is new value creation on top of innovative solutions as well as new differentiation

opportunities for enterprises. We can consider a German mid-sized engineering business which engages in the lease and charge by use of their products, instead of the status quo of competing merely on features and price. The use of DLT applications will pave the way for leveraging the full potential of the new schemes of interconnection and transaction. For a large part of SME this may turn out to be the only affordable way to participate in this growing market because DLT applications come along with these features by design.

The second group contains DLT applications which are likely to improve the access to finance for enterprises in a more direct way since they can be conceived as a new kind of corporate finance instrument. Recently a lot of blockchain start-ups discovered a new way of funding themselves by so called initial coin offerings (ICOs). This development can be interpreted as the raise of a “token economy”, but it has to be stressed that these activities are early stage experiments and are lacking a reasonable degree of

securitization. At the moment, they could be classified as donations in accordance with a cooperative commons type model. Switzerland provides the most flexible financial regulatory regime so that most ICOs are performed there. However, adoptions of this funding approach and sandboxing its

mechanism, could definitely facilitate the access of SMEs to the 300 billion European bond market - thereby reducing the dependency on bank-based

financing and evolving a more robust finance ecosystem for SMEs.

Question 2.8: What are the main challenges for the implementation of DLT solutions (e.g.

technological challenges, data standardisation and interoperability of DLT systems)?

(15)

Question 2.9: What are the main regulatory or supervisory obstacles (stemming from EU regulation or national laws) to the deployment of DLT solutions (and the use of smart contracts) in the financial sector?

There is a main challenge concerning questions around compliance with Data Sovereignty and the area of auditing and conducting lawful interception of data. The right to be forgotten is one of the pillars of EU privacy and possess an example of the differing conception of DLT solutions to existing notions of privacy. The vast majority of DLT solutions are immutable in terms of data storage, that means they don’t forget by design. However, DLT

solutions offer new promising ways for data localization and data access by means of the distributed and encrypted data approach. This is a major

advantage, not least because of the mitigation of the single point of failure problem of a more interconnected economy; in particular this applies to the finance sector.

With that said it is also conceivable to amend current DLT solutions with respect to data localization and data access by implementing privacy by design features – in accordance with the data privacy regulations of today.

Nevertheless it would be well to question whether DLT should fit into current law and regulatory frameworks since it starts from a rather different

foundation. In a nutshell, DLT is not a digitization or improvement of existing processes, it exhibits features residing outside the existing

concept and therefore could lead to answers on challenges which possibly won’

t be resolved within the present structures.

Outsourcing and other solutions with the potential to boost efficiency

Question 2.10: Is the current regulatory and supervisory framework governing outsourcing an obstacle to taking full advantage of any such opportunities?

Yes No

(16)

Please elaborate on your reply to whether the current regulatory and supervisory framework governing outsourcing is an obstacle to taking full advantage of any such opportunities.

The regulatory framework for outsourcing needs to be reformed taking into consideration the various forms of cooperation between FinTechs and banks and infrastructure service providers (e.g. Cloud Solutions). On the one hand the current regulatory requirements in particular for defining an “outsourcing activity” are not sufficiently clear and should be defined in more detail. On the other hand the requirements for outsourcing are too complex and should be revised to allow the integration of FinTech services more readily.

Question 2.11: Are the existing outsourcing requirements in financial services legislation sufficient?

Yes No

Please elaborate on your reply to whether the existing outsourcing requirements in financial services legislation are sufficient, precising who is responsible for the activity of external providers and how are they supervised. Please specify, in which areas further action is needed and what such action should be.

In the current system cloud service providers are considered outsourcing services for financial institutions and are therefore falling under the same requirements as banks under the MaRisk when it comes to IT security and resilience. In the case of cloud computing the requirements towards the bank or FinTech that is outsourcing their services is not feasible, as the actual control over the infrastructure lies outside of their control. Bitkom

advocates for a licensing system that takes the requirements of technology based financial services into account leveraging the potential of cloud solutions. Following this logic we see the possibility to regulate cloud services based on only the smal part within the banking value chain that they cover without forcing them to get aquire a full banking license. Having a gradual system of licenses would promote the usage of cloud solutions without having the discrepancy between infrastructure provision and liability.

(17)

Question 2.12: Can you provide further examples of financial innovations that have the potential to reduce operational costs for financial service providers and/or increase their efficiency and of the related challenges?

N/A

3. Making the single market more competitive by lowering barriers to entry

A key factor to achieving a thriving and globally competitive European financial sector that brings benefits to the EU economy and its society is ensuring effective competition within the EU single market. Effective competition enables new innovative firms to enter the EU market to serve the needs of customers better or do so at a cheaper price, and this in turn forces incumbents to innovate and increase efficiency themselves. Under the EU Digital Single Market strategy, the EU regulatory

framework needs to be geared towards fostering technological development, in general, and supporting the roll-out of digital infrastructure across the EU, in particular. Stakeholder feedback can help the Commission achieve this goal by highlighting specific regulatory requirements or supervisory practices that hinder progress towards the smooth functioning of the Digital Single Market in financial services.

Similarly, such feedback would also be important to identify potential loopholes in the regulatory framework that adversely affect the level playing field between market participants as well as the level of consumer protection.

(18)

Question 3.1: Which specific pieces of existing EU and/or Member State financial services legislation or supervisory practices (if any), and how (if at all), need to be adapted to facilitate implementation of FinTech solutions?

The KYC requirements under the current AML regime complicate the cooperation between banks and FinTechs. In particular, the provisions on the reliance on third party KYC should be reformed to allow a broader scope of cooperation.

FinTechs should generally, be regarded under certain conditions as trusted third parties (equivalent to banks), and integrated solutions of banking services (e.g. the transnational brokering of deposits for more than one bank) should be allowed without a requirement of repeated identification. In addition, with regard to the type of documents each member state has

different requirements. In particular, in Germany the requirements

disproportionately favor face-to-face identification, which in practice is a substantial burden for providing cross-border services. The EU should strive to establish certain methods for identification applicable to cross-border cases, e.g. with a reference transaction.

Also in regards to the applicability of local AML and other local banking regulation (e.g., reporting obligations, appointment of an AML officer, separate AML policy) for cross-border institutions /services a clear and sufficient minimum requirement needs to be set. Ideally, following one set of rules should be sufficient while offering services in the single market.

Question 3.2.1: What is the most efficient path for FinTech innovation and uptake in the EU?

Bitkom supports the EU's efforts to enable an innovation friendly environment for FinTechs within the EU. The Commission's core principles 1.technological neutrality 2. proportionality and 3. market integrity go in the right

direction, Bitkom sees potential to introduce a modular licensing schema taking into account the specific requirements and incremental nature that FinTechs fill along the value chain of traditional banks. More granularity in licensing would promote trust while ensuring a proportionate and feasible approach for regulating innovation.

Question 3.2.2: Is active involvement of regulators and/or supervisors desirable to foster

competition or collaboration, as appropriate, between different market actors and new

(19)

If active involvement of regulators and/or supervisors is desirable to foster competition or collaboration, as appropriate, between different market actors and new entrants, please explain at what level?

At the level of licensing as described in 3.2.1, Bitkom sees the current licensing framework to be to complex to be fullfiled, especially if only distinct parts of the value chains are actually relevant for the business beeing regulated.

FinTech has reduced barriers to entry in financial services markets

But remaining barriers need to be addressed

(20)

Question 3.3: What are the existing regulatory barriers that prevent FinTech firms from scaling up and providing services across Europe? What licensing requirements, if any, are subject to divergence across Member States and what are the consequences? Please provide the details.

The main regulatory barriers for cross-border activities of FinTechs are (i) diverging license requirements, (ii) diverging AML requirements and (iii) different rules on consumer protection:

- National license requirements: Some services provided by FinTechs are subject to different national licenses, especially in the areas of digital brokerage / marketplace activity (e.g., credit, deposit or insurance

brokerage). Each member state takes a different view on the regulatory requirements for such activity, legislation mainly stems from early / mid 20th century with a focus on physical broker agencies with requirements towards substance / location of employees, individual knowledge, local incorporation etc . A passportable license is not available for such services. Some member states (e.g. Ireland) have substance requirements effectively preventing cross-border activities. The license process in certain cases is disproportionately long and burdensome.

- National AML Requirements: The national implementing legislation and

regulatory practice of the authorities with regard to cross-border activities is different from one member state to another. The documents to be collected are different and digital processes are difficult to implement in certain member states. In addition, the cooperation between FinTechs and established banks may be difficult because certain regulatory practice effectively causes a need to re-identify customers.

- Consumer Protection: Different rules on consumer protection make it necessary to draft contracts and change processes from one member state to another (e.g. the requirements for the renewal of contracts, wet signature or document archiving requirements). In some member states, banking contracts still require a written form – effectively excluding digital solutions and depriving the customer of innovative solutions.

Question 3.4: Should the EU introduce new licensing categories for FinTech activities with

harmonised and proportionate regulatory and supervisory requirements, including

(21)

If the EU should introduce new licensing categories for FinTech activities with harmonised and proportionate regulatory and supervisory requirements, including passporting of such

activities across the EU Single Market, please specify in which specific areas you think this should happen and what role the ESAs should play in this. For instance, should the ESAs play a role in pan-EU registration and supervision of FinTech firms?

Bitkom in conviced, that companies should have the possibility to be only regulated for the type of activity they do without the requirement to get a full banking license if not necessary. ESA should provide the framework for a european licensing system similar to the european driving license. A modular system should be developed setting the framework for national supervisory institutions to follow.

Question 3.5: Do you consider that further action is required from the Commission to make the regulatory framework more proportionate so that it can support innovation in financial

services within the Single Market?

Yes No

If you do consider that further action is required from the Commission to make the regulatory framework more proportionate so that it can support innovation in financial services within the Single Market, please explain in which areas and how should the Commission intervene.

The Commission could propose the a regulation for the development of a proportionate and modular licensing schema that is passportable throughout the whole union. In addition the EU should consider that the system of

national supervision leads to consistent results when evaluating institutions in order to create a true level playing field for innovative companies within the Single Market.

Question 3.6: Are there issues specific to the needs of financial services to be taken into account when implementing free flow of data in the Digital Single Market?

Yes No

(22)

Please elaborate on your reply to whether there are issues specific to the needs of financial services to be taken into account when implementing free flow of data in the Digital Single Market, and explain to what extent regulations on data localisation or restrictions on data movement constitute an obstacle to cross-border financial transactions.

While the General Data Protection Regulation solves parts of the problem, critical areas remain when it comes to the exchange of data towards the

credibility and creditworthiness of customers. The current national system in place in germany does not consider accounts held in other countries nor does it provide data for financial institutions placed outside Germany. Its

therefore crucial to establish a way of making credit scores and creditworthiness data available across the EU.

Question 3.7: Are the three principles of technological neutrality, proportionality and integrity appropriate to guide the regulatory approach to the FinTech activities?

Yes No

Please elaborate on your reply to whether the three principles of technological neutrality, proportionality and integrity are or not appropriate to guide the regulatory approach to the FinTech activities.

N/A

Role of supervisors: enabling innovation

(23)

Question 3.8.1: How can the Commission or the European Supervisory Authorities best coordinate, complement or combine the various practices and initiatives taken by national authorities in support of FinTech (e.g. innovation hubs, accelerators or sandboxes) and make the EU as a whole a hub for FinTech innovation?

Bitkom advocates for a free market and supports the idea that member states can compete in order to make their country attractive for innovations and new businesses. The role of ESA in this regard should be to apply unified

standardized regulation for certification in order to create a level playing field when it comes to security and resilience requirements for FinTechs, independent from the nation they operate from. Licensing requirements should be no variable for competitiveness among member states.

Question 3.8.2: Would there be merits in pooling expertise in the ESAs?

Yes No

Please elaborate on your reply to whether there would be merits in pooling expertise in the European Supervisory Authorities.

Having a unified body regulating with the same criteria would ensure a fair and comparable competition between innovative businesses in Europe,

independent from their country of residence.

Question 3.9: Should the Commission set up or support an "Innovation Academy" gathering industry experts, competent authorities (including data protection and cybersecurity

authorities) and consumer organisations to share practices and discuss regulatory and supervisory concerns?

Yes No

(24)

If you think the Commission should set up or support an "Innovation Academy" gathering industry experts, competent authorities (including data protection and cybersecurity authorities) and consumer organisations to share practices and discuss regulatory and supervisory concerns, please specify how these programs should be organised.

Such a program could be organised leveraging the network of business

associations and scientific institutions. Bitkom would be highly interested to support such attempts.

Question 3.10.1: Are guidelines or regulation needed at the European level to harmonise regulatory sandbox approaches in the MS?

Yes No

Please elaborate on your reply to whether guidelines or regulation are needed at the European level to harmonise regulatory sandbox approaches in the MS?

A unified European approach to harmonise regulatory sandbox approaches would help specific member states to overcome their hesitance to establish such rules. A European regulation would therefore enable a consistent culture of innovation in the finance industry supporting the goal of a Digital Single Market (DSM).

Question 3.10.2: Would you see merits in developing a European regulatory sandbox targeted specifically at FinTechs wanting to operate cross-border?

Yes No

(25)

Question 3.11: What other measures could the Commission consider to support innovative firms or their supervisors that are not mentioned above?

Bitkom is not convinced that a regulatory sandbox would solve the systemic problem that complex licensing creates for innovation. We see a proportionate and modular licensing schema, which takes the specific requirements of euch business model into account as a key feature of a innovative and supporting market economy. Being able to passport such licenses would enable a true single european market for financial products.

Role of industry: standards and interoperability

Question 3.12.1: Is the development of technical standards and interoperability for FinTech in the EU sufficiently addressed as part of the European System of Financial Supervision?

Yes No

Please elaborate on your reply to whether the development of technical standards and interoperability for FinTech in the EU is sufficiently addressed as part of the European System of Financial Supervision.

Bitkom supports the development of unified technical standards for

interoperability through ESFS. But as the current situation for developing RTS through EBA shows, it is highly critical if comitology procedures are unsynced with the entering into force of related primary legislation.

Sufficiently addressing would therefore mean providing the appropriate resources and infrastructure to allow a synchronized application of primary and secondary legislation. This could be achieved by prioritising regulations over directives in order to support a unified single market.

Question 3.12.2: Is the current level of data standardisation and interoperability an obstacle to taking full advantage of outsourcing opportunities?

Yes No

(26)

Please elaborate on your reply to whether the current level of data standardisation and interoperability is an obstacle to taking full advantage of outsourcing opportunities.

While the current solutions mentioned in the PSD2 go in the right direction, the approach being taken is still to narrow. The PSD2 introduces the concept of opening payment accounts to service providers, it does not touch other types of accounts, like for asset and wealth management. Bitkom advocates for a systemic approach when regulating access and interfaces rather than just setting specific regulation for each unique case.

Question 3.13: In which areas could EU or global level standards facilitate the efficiency and interoperability of FinTech solutions? What would be the most effective and competition- friendly approach to develop these standards?

N/A

Question 3.14: Should the EU institutions promote an open source model where libraries of open source solutions are available to developers and innovators to develop new products and services under specific open sources licenses?

Yes No

Please elaborate on your reply to whether the EU institutions should promote an open source model where libraries of open source solutions are available to developers and innovators to develop new products and services under specific open sources licenses, and explain what other specific measures should be taken at EU level.

As a broad variety of existing business models is built on proprietary libraries, any promotion of open source models should not disadvantage

(27)

Question 3.15: How big is the impact of FinTech on the safety and soundness of incumbent firms? What are the efficiencies that FinTech solutions could bring to incumbents? Please explain.

As FinTechs address various aspects of the financial services ecosystem, including front end as well as back end services of incumbent firms, no consistent answer can be given. Providing additional channels for customer interaction, it is crucial to streamline the interfaces between incumbent providers and FinTechs to ensure a consistent interaction and secure

information flow. Providing additional channels for customer interaction for incumbent firms, FinTechs often help incumbents to leverage the potential that their products and services entail. Bitkom sees therefore no difference between the development of new products and services via FinTechs or the in house development at incumbent firms being outsourced to 3rd party vendors.

In this regard FinTech companies can be seen as outsource innovation entities providing self empowered, value added services that can lead to a scaling up of incumbent firms services while satisfying additional customer needs.

4. Balancing greater data sharing and transparency with data security and protection needs

Question 4.1: How important is the free flow of data for the development of a Digital Single Market in financial services? Should service users (i.e. consumers and businesses

generating the data) be entitled to fair compensation when their data is processed by service providers for commercial purposes that go beyond their direct relationship?

Having a free flow of data is essential for successful collaboration across borders in times of integrated IT-systems and seamless customer experiences.

Nevertheless, customer data should only be processed according to the terms of service that a customer agrees upon with his service provider. It is crucial that the customer has the possibility to take a conscious decision, which data he wants to share and which data not to keep. Companies should ensure transparency about their data usage in order to enable a conscious customer's decision. Reliability and transparency are the key to keep the customers trust in data driven services and products allowing their full potential to be used.

Storing and sharing financial information through a reliable tool

(28)

Question 4.2: To what extent could DLT solutions provide a reliable tool for financial information storing and sharing? Are there alternative technological solutions?

See Answer 2.9

Question 4.3: Are digital identity frameworks sufficiently developed to be used with DLT or other technological solutions in financial services?

Yes No

Please elaborate on your reply to whether digital identity frameworks are sufficiently developed to be used with DLT or other technological solutions in financial services.

In financial services a strong identity framework is required to enforce security and financial regulations e.g. on money laundering. Today there are various efforts and initiatives around the globe to combine convenient and strong identification. Examples are the use of biometrics, evidence based schemes and national identities. These initiatives should be observed considering their applicability in DLT solutions.

Furthermore the era of the machine economy challenges the regulatory

framework since there will be the need of extending secure digital identities to machines, robots and things in general - especially with regard to

autonomous machines that possess a wallet to engage in economic transactions with other machines on their own. The report of the European Parliament to the commission with recommendations on Civil Law Rules on Robotics (2015/2103 (INL)) provides a good starting point and DLT solutions should be regarded as a means for paving the way for a sustainable development.

(29)

Question 4.4: What are the challenges for using DLT with regard to personal data protection and how could they be overcome?

DLT can provide strong features to protect personal data through the concept of distributed and encrypted data as means to accomplish a high degree of secured and protected data storage. For the discussion of the general challenges for using DLT with regard to personal data, we may refer to the reasoning of our response on 2.9 proposing privacy engineering for DLT.

It should also be noted that from a compliance perspective the distributed nature of the information storage could become a challenge, as the current regime is based on physical world concepts, i.e. physical location. That should be transferred into digital pendants such as data access / data custody.

The power of big data to lower information barriers for SMEs and other users

Question 4.5: How can information systems and technology-based solutions improve the risk profiling of SMEs (including start-up and scale-up companies) and other users?

Data driven information systems can help to provide additional data points for risk profiling of SMEs. Being able to combine a broad variety of factors is already an essential element of current risk profiling practices. A

doctrine allowing the structured exchange of data based on customer buy-in could set a foundation to develop standard mechanisms and procedures for data exchange and sharing leading to a higher maturity of risk profiling in the future.

(30)

Question 4.6: How can counterparties that hold credit and financial data on SMEs and other users be incentivised to share information with alternative funding providers ? What kind of policy action could enable this interaction? What are the risks, if any, for SMEs?

The customer should be at the center of all decisions being made regarding the usage of his data. In order to get alternative funding, customers and SMEs should provide a buy in order to enable the sharing of information.

Regulation in this area should ensure that a transaction of customer data is allowed, whenever the customer agrees to it. The principle of data

sovereignty should become the core principle of data protection enabling state of the art services while providing transparency and self determination for the customer. Risks appear whenever the alternative funding providers has to take a decision based on incomplete or wrong information. If users or SMEs are rejected funding based on wrong or inaccurate information provided, they should be empowered to get insights into the origin of their data and be provided an opportunity to correct wrong or misleading data.

Security

Question 4.7: What additional (minimum) cybersecurity requirements for financial service providers and market infrastructures should be included as a complement to the existing requirements (if any)? What kind of proportionality should apply to this regime?

N/A

(31)

Question 4.8: What regulatory barriers or other possible hurdles of different nature impede or prevent cyber threat information sharing among financial services providers and with public authorities? How can they be addressed?

Sharing information about vulnerabilities is seen as a major threat for

businesses, as reputation loss can have a significant business impact. At the same time, the sharing should consider that the majority of IT infrastructure among financial service providers is custom build and vulnerabilities

therefore not systemic.

Being able to operate within a framework of anonymity allowing the open sharing of information without having the fear a sever reputation loss in case of data breaches or vulnerabilities could enable a broader dialogue of cyber security experts among financial institutions. Such a dialogue could lead to the development of standard resilience procedures resulting in higher security standards for the industry as a whole. Bitkom sees the potential that such dialogues could be held within the workings groups of ENISA.

Question 4.9: What cybersecurity penetration and resilience testing in financial services should be implemented? What is the case for coordination at EU level? What specific elements should be addressed (e.g. common minimum requirements, tests, testing scenarios, mutual recognition among regulators across jurisdictions of resilience testing)?

Technology neutrality should always be the core principle for formulating cybersecurity requirements. Minimum requirements can therefore be held high level allowing the custom development of cybersecurity infrastructure

covering future technologies to come. Being too specific could lead to

innovation hindering requirements being formulated, that cannot be applied to new types of products and services.

Other potential applications of FinTech going forward

Question 4.10.1: What other applications of new technologies to financial services, beyond those above mentioned, can improve access to finance, mitigate information barriers and/or improve quality of information channels and sharing?

N/A

(32)

Question 4.10.2: Are there any regulatory requirements impeding other applications of new technologies to financial services to improve access to finance, mitigate information barriers and/or improve quality of information channels and sharing?

Yes No

Please elaborate on your reply to whether there are any regulatory requirements impeding other applications of new technologies to financial services to improve access to finance, mitigate information barriers and/or improve quality of information channels and sharing?

N/A

3. Additional information

Should you wish to provide additional information (e.g. a position paper, report) or raise specific points not covered by the questionnaire, you can upload your additional document(s) here:

Useful links

More on the Transparency register (http://ec.europa.eu/transparencyregister/public/homePage.do?locale=en) Consultation details (http://ec.europa.eu/info/finance-consultations-2017-fintech_en)

Specific privacy statement (https://ec.europa.eu/info/sites/info/files/2017-fintech-specific-privacy-statement_en.pdf)